RESPONSIBILITIES:
Ensures the Cybersecurity/Risk Management Framework (RMF) posture is maintained in accordance with government directives and program requirements.
- Ensures Information Systems Security Officers (ISSOs), IT staff, and users follow established information security policies and procedures to protect, operate, maintain, and dispose of systems and data in accordance with security policies and practices as outlined in the assessment and authorization document packages.
- Assists with the development, review, and maintenance of Information Systems Security Plans (SSPs), Assessments, and Authorizations in accordance with Department of Defense (DoD) and other Federal mandated policies.
- Coordinates with the Insider Threat Program team to ensure insider threat detection and awareness is addressed.
- Engages in continuous dialogue with US Government agencies to communicate changes in the company's security posture and to learn of new government system security requirements.
- Works with US Government Security Control Assessors (SCAs) and Authorizing Officials (AOs) to develop a comprehensive RMF package including SSPs, Information Continuous Security Monitoring Plans, and a Body of Evidence to support system authorization.
- Conducts risk assessments to identify potential threats, gauge the likelihood of exploitation based on mitigating factors, and determine the residual risk level for individual systems.
- Advises management on required security configurations and assists with the development of technical security enhancements for systems processing, housing, or transmitting Controlled Unclassified Information.
- Reviews and ensures implementation of bulletins and advisories that impact the security posture of information systems covered by SSPs.
- Conducts reviews and technical inspections to ensure compliance with company and US Government policies, and to identify vulnerabilities or security weaknesses. Recommends corrective actions and ensures proper vulnerability reporting.
- Ensures the ISSO regularly audits all systems under purview to validate proper use, and that all documentation (e.g., training records, system baselines, etc.) is kept current.
- Ensures procedures are developed and followed for responding to security compliance incidents and investigating and reporting security violations and incidents as appropriate.
- Leads periodic cyber self-inspections to assess systems against Defense Information Systems Agency Security Technical Implementation Guides, National Industrial Security Program Operating Manual Chapter 8, Defense Joint Access Implementation Guide, Joint Access Implementation Guide, National Institute of Standards and Technology Special Publication 800-171, Cybersecurity Maturity Model Certification, or other similar requirements, using vulnerability scanning tools and baseline security controls.
- Ensures a Plan of Action and Milestones (POA&M) is maintained for all security-related vulnerabilities, and continually updates SCAs and AOs on the current status of planned activities for correcting vulnerabilities associated with required security controls.
REQUIREMENTS:
- Bachelor’s degree in an IT-related or similar field and a minimum of four years’ experience in Information Technology or in an Information System Security Officer/Manager role.
- Must have experience supporting various computer hardware platforms and multiple operating systems, in both stand-alone and networked configurations.
- Must have a DoD personnel clearance or the ability to obtain and maintain a US Government security clearance.
- Must have working knowledge of security configuration requirements for individual applications (e.g., Microsoft Office, web browsers, network devices, etc.) and of physical security.
- Working knowledge of the security features and settings of Windows or Linux operating systems (as appropriate to location) in physical and virtual environments is preferred.